Tuesday, July 31, 2012

super cyber security



while some online attacks are specific to particular browsers/versions, not all are, and just using safari on a windows machine is definitely not going to keep you safe.

sometimes i feel like somebody's watching me

from here (source image)

i suppose i must be showing my age with the caption i added to what i gather is actually a street art installation in prague. somehow i feel like it's pretty close to what the artist was trying to say, though.

Monday, July 30, 2012

the more things change...

from here (image source one, two, and three)

the more things change, the more they stay the same. some companies just shouldn't be trusted, and compromising customer machines with DRM is a pretty good indicator.

(inspiration)

totally rad security

found on very demotivational

just in case the term pornoscanner wasn't dissuasive enough. i wonder when we'll start to learn what the longer-term effects on the TSA agents who have to stand near those things will be.

Friday, July 27, 2012

yo dawg, i heard you like updates

found on memebase

keeping your software up to date has never been more recursive.

security olympics

from here (image source one, two, and three)

well, maybe there need to be a few more security guards than athletes, but nearly 4 times as many? that makes it very difficult to believe the focus is on athletics.

Thursday, July 26, 2012

POTUS on passwords



there's some contradictory advice in this speech bubble song (it is a song. check it, you'll see the rhymes) such as using a passphrase and not using dictionary words (what kind of phrase doesn't use dictionary words?) but overall there's still some good advice here.

when you see it...


this isn't a photoshop, it's a screenshot of nigeriagoogle dot com. it appears to be a prank since you can't actually enter anything in the search box, but i still don't trust it (maybe i'm paranoid). can you imagine someone trying this google/419 scam for real though?

Wednesday, July 25, 2012

i need a dan kaminsky



@SecurityHumor asked for someone to find this for him (i assume it's a him). i don't think i ever encountered this parody of the iphone vs htc evo video but it is pretty funny.

didn't see that one coming

from here (image source one, two, and three)

well, i guess that's how careful apple is about keeping malware out of the app store, folks - they don't even do a simple virus scan.

Tuesday, July 24, 2012

wile e. coyote was here

from here (source image)


i assume if you get the caption then you also get why you should probably steer clear of this deadfall trap (though i'm wondering who put it together in the first place - it's huge). thankfully looney tunes cartoons have taught us what a number of real world traps look like. shame they couldn't show us online traps too ("ssshhh, be vewy, vewy quiet. i'm phishing wabbits.")

deterrence fail

found on there i fixed it

it's so poorly connected in every other way, it's hard to believe it's actually plugged into anything. if you're going to put up a CCTV camera, maybe try not to make it look so busted. then maybe it will actually keep the bad guys away.

Monday, July 23, 2012

why not metasploit?

from here

i'm of two minds about the email mikko hypponen received from an iranian scientist: on the one hand, if metasploit can really cause such problems then the folks behind stuxnet, duqu, and flame must be kicking themselves for having wasted so much money. on the other hand, doesn't rfc1855 have something to say about reposting personal correspondence? i hope the scientist wasn't violating any rules or policies by reaching out.

someone just failed the blade runner voight-kampff test

found on the art of trolling

i don't think i've ever been quite so bold in proving an IM spambot was an IM spambot. i usually just settle for saying goodbye twice.

Friday, July 20, 2012

frictionless sharing

from here (source image)

gee, are there any other jokes i can make about facebook screwing people over with frictionless sharing (aka automatic sharing, aka broadcasting your activities even on external sites to everyone you know without asking you)?

unavailable on the internet

found here

i think this clever animation pretty much speaks for itself.

Thursday, July 19, 2012

secure password of the weak

from here (source image)

i suppose the fact that it's posted on a wall for everyone to see doesn't exactly help with the security either.

app store security mechanisms: gotta fool 'em all

found on the art of trolling


i'm not sure how funny this is, since it actually happened and people lost actual money, but i suppose the art of trolling is like that - hilarity depends on who you identify with.

oh yeah, and so much for that find&call app being the first iOS malware. when you're talking about financially motivated malware, apps that do nothing but collect payment from unsuspecting victims are the degenerate case.

Wednesday, July 18, 2012

LiveCD


they hoped for problems between my keyboard and chair
like some noob browsing pornsites in his underwear
won't be friending strangers, no matter how cool
cuz i know in the end that i'd just be playin' the fool


i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked


everyone likes to pretend there's nothing wrong
but they let the problems build up and go on too long
zuckerberg knows the way to be privacy smart
maybe if i mimic him my leaks won't even start


i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked


i won't scare
i won't scare
i won't scare
i won't scare
i won't scare
i won't scare


i won't click the things that you want me to
i ain't gonna send passwords to you
i do my banking with a LiveCD
protect my drive with an encryption key
i ain't gonna trade for things with my 'likes'
not even a chance to win a motorbike
one look at the URL is all it takes
i don't give a hoot about what you faked
and that would be a parody of weezer's "pork and beans". by the way, if you want to know more about banking with a LiveCD, check out brian krebs' article about it.


angry hacker

Angry hacker took an axe,
accessed servers in their racks.
When they saw what he had done,
he threatened to burn everyone.

never question a hacker with an axe, even if he might better be classified as a cracker without it. you don't want a lizzie borden situation on your hands.

Tuesday, July 17, 2012

someone's going to have a bad time

from here

i don't think it's a secret that intellectual property holders seem to like abusing the authority they've been given with the DMCA, but busting presidential candidates? yeah, that's only going to work so many times before it backfires.

that moment when...

from here (source image)

it's often said that security is a trade-off. that's because security has a cost. sometimes it's really not worth it.

Monday, July 16, 2012

the book worm has turned

found on failblog

while this may not be a realistic confrontation (or perhaps it is, it's been over a decade since i was in school), it is no less true that computers have given power to those who were powerless, and power can corrupt anyone.

insecurity gate

found on failblog

well, i suppose it might keep morbidly obese people out.

Friday, July 13, 2012

fish mouths

from here

this was supposed to be canned fish mouths. as strange as that idea is, i never would have expected to see something that could eat me before i ate it. careful what you open, whether in the real world or in your computer - labels can be misleading and you could get bitten by something bad.

no wonder they're called Yahoo

nearly a half million passwords were extracted from the service in unhashed, unprotected, plaintext form? no wonder they're called Yahoo.

if the company Yahoo ever deserved the derogatory meaning of the word "yahoo", getting caught doing precisely NOTHING to protect user passwords seems like one of those times.

Thursday, July 12, 2012

dark comety

from here

if you don't maintain the moral high ground, don't be surprised when you take a spill on the slippery slope.

(inspiration)

he puts his pants on one guitar at a time

from here (source image)

from the "what could he possibly have been thinking" department.

Wednesday, July 11, 2012

keyless vs clueless

from here (source image one, two, and three)

i've seen stuff like this coming ever since i first heard of keyless entry/ignition. it was kind of inevitable.

flashdriving

from here

well, i suppose crushing flash drives under the wheels of your car might not be the most ecologically friendly approach, but given what those supposedly lost flash drives are actually there for i'm sure it would be personally satisfying.

Tuesday, July 10, 2012

how not to pull someone over

i don't tell many stories here, but sometimes i encounter something that bears closer scrutiny.

a couple weeks ago i was walking from the office to the bus stop when i passed what appeared to be some kind of law enforcement officer (judging by the uniform he was wearing) pulling over another vehicle. the officer had already exited his vehicle, trained some kind of tripod mounted equipment on the suspect vehicle, and was approaching the suspect vehicle as i came on the scene. the officer opened the passenger side door and leaned into the vehicle, apparently searching it, while the suspect driver remained in the driver's seat.

now, that alone seems a little strange to me after having seen plenty of cop shows; but it gets better, because you see the officer's own vehicle had its windows rolled down and its trunk wide open while he was half inside the suspect vehicle, distracted by the task at hand, and no doubt his view of his own vehicle would have been obscured even if he had been keeping an eye on it. imagine for a moment what kind of mischief i, or some other passer-by, could have gotten into with such unfettered access to an officer's vehicle and all it contains. the officer was in no position to see me, let alone stop me. it's a good thing i'm such an honest citizen or something much worse could have happened.

those in a position of authority often have special privileges including the ability to carry and use equipment that the average person doesn't have. what they must also realize is that with that comes special responsibility to maintain control over such equipment at all times. of course, if i was instead witnessing the filming of some ultra-low-budget crime drama, i think similar principles still apply.

DNSChanger is finally DONE!

from here

i dunno about you but i am SO tired of hearing about that piece of malware. glad the temporary DNS servers were finally shut down with little ill effect so we can all go back to worrying about other, more important things.

Monday, July 9, 2012

if it works once, it can work twice

found on there i fixed it


padlocks on the gas and trunk. at first blush it might seem like those aren't inherently bad security, but then consider the fact that the car wasn't built to use padlocks there - the real security is in how securely those pieces of metal the locks fit into are attached to the car. is it glue? are they attached with screws? i once rented a room that used this method for locking the door - the little bits of metal were attached with screws, and of course i had a screwdriver.

Friday, July 6, 2012

facebook privacy super fail



you've heard of those parties that got out of hand after they were shared with too many people on facebook? well that can happen for anything and to anyone. be careful what you share on facebook, not just when you're sharing your own stuff but other people's stuff too.

"hacker", you keep using that word...

found on failbook

honestly, if this is what qualifies as a hacker then they hardly seem important at all.

(also, this apparently originally comes from here if you feel at all inclined to check out the artist's other comics)

Thursday, July 5, 2012

drop that zero and find yourself a hero

found on failbook

as important as updating is, there comes a point when enough is enough and you have to seriously consider kicking that software to the curb (aka uninstalling it).

call them phone support scammers, maybe?



i really like this example of the call me maybe meme, even though i'm more familiar with those scammers who call you up and tell you there's a problem with your computer being called phone support scammers. they do use the same scare tactics as fake av programs though.

and of course it's always funny when those kinds of scammers call up people in the security industry - you might as well be a pick pocket trying to rip off a cop.

Wednesday, July 4, 2012

f&#* the police

found on failbook

yes, that's right, this was on failbook, which means someone actually posted that picture on facebook and apparently went to jail for it (or so it would seem). it might just be one of the ultimate lolthreats when the bad guy laughs at his own idiocy.

incorrect password

found on memebase

yes, "found", as in i didn't do it. i've seen this joke on twitter but apparently someone thought it would make a good rage comic.

Tuesday, July 3, 2012

plane vs. tweezers



he makes an excellent point. i mean there has to be a limit to what ridiculous hijacking attempts you're going to seriously try to prevent. i hear in prison they actually make shivs out of toilet paper - can you imagine banning that on planes?

eye c(ispa) u

found on very demotivational

i suppose a bunch of eyes is even creepier than a bunch of cameras. perhaps that makes the point about the privacy-busting nature of cispa even more effectively.